6 changes: 5 additions & 1 deletion deps/picotls/.travis.yml
@@ -7,7 +7,11 @@ matrix:
- os: linux
dist: trusty
sudo: required
compiler: clang
compiler: clang-6.0
addons:
apt:
sources: ['llvm-toolchain-trusty-6.0', 'ubuntu-toolchain-r-test']
packages: ['g++-4.9','clang-6.0']
- os: osx

language: c
14 changes: 14 additions & 0 deletions deps/picotls/CMakeLists.txt
@@ -49,3 +49,17 @@ ADD_CUSTOM_TARGET(check prove --exec '' -v ${CMAKE_CURRENT_BINARY_DIR}/*.t WORKI
IF ("${CMAKE_SYSTEM_NAME}" MATCHES "SunOS")
TARGET_LINK_LIBRARIES(cli "socket" "nsl")
ENDIF ()

IF (BUILD_FUZZER)
IF (NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
MESSAGE(FATAL ERROR "The fuzzer needs clang as a compiler")
ENDIF()

ADD_EXECUTABLE(fuzzer-asn1-validation fuzz/fuzzer-asn1-validation.c lib/asn1.c)
SET_TARGET_PROPERTIES(fuzzer-asn1-validation PROPERTIES LINK_FLAGS "-fsanitize=fuzzer")
SET_TARGET_PROPERTIES(fuzzer-asn1-validation PROPERTIES COMPILE_FLAGS "-fsanitize=fuzzer")

ADD_EXECUTABLE(fuzzer-asn1-type-and-length fuzz/fuzzer-asn1-type-and-length.c lib/asn1.c)
SET_TARGET_PROPERTIES(fuzzer-asn1-type-and-length PROPERTIES LINK_FLAGS "-fsanitize=fuzzer")
SET_TARGET_PROPERTIES(fuzzer-asn1-type-and-length PROPERTIES COMPILE_FLAGS "-fsanitize=fuzzer")
ENDIF()
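Review bot: `MESSAGE(FATAL ERROR ...)` passes two separate words, and CMake only recognises the single keyword `FATAL_ERROR` as a message mode, so with a non-Clang compiler this prints a notice and configuration continues into the `-fsanitize=fuzzer` targets; it should read `MESSAGE(FATAL_ERROR "The fuzzer needs clang as a compiler")`. The guard also tests `CMAKE_CXX_COMPILER_ID` although both fuzzers are C sources, so `CMAKE_C_COMPILER_ID` looks like the variable that matters here. Both targets are built with `-fsanitize=fuzzer` alone; adding a memory-error sanitizer, e.g. `-fsanitize=fuzzer,address`, would let out-of-bounds reads in lib/asn1.c surface as findings instead of passing silently.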
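--- a/deps/picotls/fuzz/fuzzer-asn1-type-and-length.c
+++ b/deps/picotls/fuzz/fuzzer-asn1-type-and-length.c
@@ -0,0 +1,64 @@
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include "picotls/asn1.h"
+
+static struct feeder {
+const uint8_t *data;
+size_t size;
+} feeder;
+
+static void feeder_init(const uint8_t *orig_data, size_t orig_size)
+{
+feeder.data = orig_data;
+feeder.size = orig_size;
+}
+
+static uint8_t feeder_next_byte(void)
+{
+if (feeder.size == 0) {
+return 0;
+}
+uint8_t byte = *feeder.data;
+--feeder.size;
+++feeder.data;
+return byte;
+}
+
+void count_printf(void *ctx, const char *format, ...)
+{
+int *c = ctx;
+va_list argptr;
+va_start(argptr, format);
+c += vsnprintf(NULL, 0, format, argptr);
+va_end(argptr);
+return;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+int i, counter, indefinite_length, decode_error;
+ptls_minicrypto_log_ctx_t ctx = {&counter, count_printf};
+uint8_t *bytes, expected_type;
+size_t last_byte, bytes_max, byte_index;
+uint32_t length;
+
+feeder_init(Data, Size);
+bytes_max = ((size_t)feeder_next_byte() << 16) + (feeder_next_byte() << 8) + feeder_next_byte();
+if (bytes_max == 0)
+return 0;
+byte_index = ((size_t)feeder_next_byte() << 16) + (feeder_next_byte() << 8) + feeder_next_byte();
+byte_index = byte_index % bytes_max;
+bytes = malloc(bytes_max);
+for (i = 0; i < bytes_max; i++) {
+bytes[i] = feeder_next_byte();
+}
+expected_type = feeder_next_byte();
+ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, expected_type, &length, &indefinite_length, &last_byte,
+&decode_error, &ctx);
+free(bytes);
+return 0;
+}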
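Review bot: `count_printf` advances the local pointer `c` instead of the integer it points to (`c += vsnprintf(...)`), so `counter` is never written and stays uninitialized; the same function is duplicated in fuzz/fuzzer-asn1-validation.c. Writing `*c += vsnprintf(NULL, 0, format, argptr);` and declaring `int counter = 0;` in both harnesses makes the log callback do what its name says. In LLVMFuzzerTestOneInput the result of `malloc(bytes_max)` is used unchecked although bytes_max can reach 0xFFFFFF, so `if (bytes == NULL) return 0;` keeps an allocation failure in the harness from being reported as a finding in ptls_asn1_get_expected_type_and_length. The three `feeder_next_byte()` calls inside one `+` expression are evaluated in an unspecified order, so reading them in separate statements keeps corpus inputs reproducible across compilers.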
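--- a/deps/picotls/fuzz/fuzzer-asn1-validation.c
+++ b/deps/picotls/fuzz/fuzzer-asn1-validation.c
@@ -0,0 +1,24 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include "picotls/asn1.h"
+
+void count_printf(void *ctx, const char *format, ...)
+{
+int *c = ctx;
+va_list argptr;
+va_start(argptr, format);
+c += vsnprintf(NULL, 0, format, argptr);
+va_end(argptr);
+return;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+int counter;
+ptls_minicrypto_log_ctx_t ctx = {&counter, count_printf};
+ptls_asn1_validation(Data, Size, &ctx);
+return 0;
+}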
24 changes: 21 additions & 3 deletions deps/picotls/include/picotls.h
@@ -466,6 +466,10 @@ struct st_ptls_context_t {
* to authenticate the client.
*/
unsigned require_client_authentication : 1;
/**
* if set, EOED will not be emitted or accepted
*/
unsigned omit_end_of_early_data : 1;
/**
*
*/
@@ -751,9 +755,11 @@ ptls_cipher_suite_t *ptls_get_cipher(ptls_t *tls);
*/
const char *ptls_get_server_name(ptls_t *tls);
/**
* sets the server-name (for client the value sent in SNI). If server_name_len is zero, then strlen(server_name) is called to
* determine
* the length of the name.
* sets the server-name associated to the TLS connection. If server_name_len is zero, then strlen(server_name) is called to
* determine the length of the name.
* On the client-side, the value is used for certificate validation. The value will be also sent as an SNI extension, if it looks
* like a DNS name.
* On the server-side, it can be called from on_client_hello to indicate the acceptance of the SNI extension to the client.
*/
int ptls_set_server_name(ptls_t *tls, const char *server_name, size_t server_name_len);
/**
@@ -793,6 +799,10 @@ int ptls_receive(ptls_t *tls, ptls_buffer_t *plaintextbuf, const void *input, si
* encrypts given buffer into multiple TLS records
*/
int ptls_send(ptls_t *tls, ptls_buffer_t *sendbuf, const void *input, size_t inlen);
/**
* updates the send traffic key (as well as asks the peer to update)
*/
int ptls_update_key(ptls_t *tls, int request_update);
/**
* Returns if the context is a server context.
*/
@@ -916,10 +926,18 @@ void ptls_aead__build_iv(ptls_aead_context_t *ctx, uint8_t *iv, uint64_t seq);
* clears memory
*/
extern void (*volatile ptls_clear_memory)(void *p, size_t len);
/**
* constant-time memcmp
*/
extern int (*volatile ptls_mem_equal)(const void *x, const void *y, size_t len);
/**
*
*/
static ptls_iovec_t ptls_iovec_init(const void *p, size_t len);
/**
* checks if a server name is an IP address.
*/
int ptls_server_name_is_ipaddr(const char *name);

/* inline functions */
inline ptls_iovec_t ptls_iovec_init(const void *p, size_t len)
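Review bot: The comment on `ptls_mem_equal` says only "constant-time memcmp", which hides that its return convention appears to be the reverse of memcmp: the call in lib/openssl.c (`if (!ptls_mem_equal(...))` leading to a handshake failure) indicates that non-zero means equal. A caller who treats the result like memcmp would accept a mismatching MAC, so the declaration should spell it out, e.g. `/** constant-time comparison; returns non-zero if the len bytes at x and y are equal, zero otherwise (opposite of memcmp) */`. The new `ptls_update_key` comment likewise leaves `request_update` and the return value undocumented.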
34 changes: 18 additions & 16 deletions deps/picotls/lib/asn1.c
@@ -1,22 +1,22 @@
/*
* Copyright (c) 2016 Christian Huitema <[email protected]>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
* Copyright (c) 2016 Christian Huitema <[email protected]>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

/*
* Basic ASN1 validation and optional print-out
*/
* Basic ASN1 validation and optional print-out
*/

#ifdef _WINDOWS
#include "wincompat.h"
@@ -240,6 +240,8 @@ size_t ptls_asn1_validation_recursive(const uint8_t *bytes, size_t bytes_max, in
ptls_asn1_error_message("EOC: unexpected end of content", bytes_max, byte_index, level + 1, log_ctx);

*decode_error = PTLS_ERROR_BER_UNEXPECTED_EOC;
byte_index = bytes_max;
break;
} else {
if (log_ctx != NULL) {
ptls_asn1_print_indent(level, log_ctx);
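Review bot: The added `byte_index = bytes_max; break;` on the unexpected-EOC path carries no comment, and if byte_index is what the function returns (the return statement is outside the hunk) the result becomes indistinguishable from a clean parse to the end of the buffer, leaving `*decode_error` as the only error signal. A short comment such as `/* abort the scan; callers must test *decode_error, the index alone looks like a complete parse */` would record that contract. How the enclosing loop and the callers of ptls_asn1_validation_recursive react to `*decode_error` is not visible here and is worth confirming.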
9 changes: 7 additions & 2 deletions deps/picotls/lib/openssl.c
@@ -1049,7 +1049,12 @@ static int verify_cert_chain(X509_STORE *store, X509 *cert, STACK_OF(X509) * cha
#ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
/* verify CN */
if (server_name != NULL) {
if ((ret = X509_check_host(cert, server_name, strlen(server_name), X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL)) != 1) {
if (ptls_server_name_is_ipaddr(server_name)) {
ret = X509_check_ip_asc(cert, server_name, 0);
} else {
ret = X509_check_host(cert, server_name, strlen(server_name), X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL);
}
if (ret != 1) {
if (ret == 0) { /* failed match */
ret = PTLS_ALERT_BAD_CERTIFICATE;
} else {
@@ -1259,7 +1264,7 @@ int ptls_openssl_decrypt_ticket(ptls_buffer_t *buf, ptls_iovec_t src,
ret = PTLS_ERROR_LIBRARY;
goto Exit;
}
if (memcmp(src.base + src.len, hmac, hmac_size) != 0) {
if (!ptls_mem_equal(src.base + src.len, hmac, hmac_size)) {
ret = PTLS_ALERT_HANDSHAKE_FAILURE;
goto Exit;
}
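Review bot: The new IP-address branch in verify_cert_chain sits inside `#ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS`, so on an OpenSSL build that lacks that macro neither `X509_check_host` nor `X509_check_ip_asc` appears to run and the peer name would go unchecked. The matching `#else`/`#endif` is outside the hunk; if there is no failing fallback, an `#else` arm that rejects a non-NULL `server_name` (or an `#error`) would make the gap explicit. `X509_check_ip_asc` can also return -2 for a malformed address string, so confirm the `else` arm that is cut off at the hunk edge maps every negative value to an error.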
15 changes: 6 additions & 9 deletions deps/picotls/lib/pembase64.c
@@ -34,7 +34,7 @@ static char ptls_base64_alphabet[] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'};

static char ptls_base64_values[] = {
static signed char ptls_base64_values[] = {
/* 0x00 to 0x0F */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
/* 0x10 to 0x1F */
@@ -126,7 +126,7 @@ int ptls_base64_decode(const char *text, ptls_base64_decode_state_t *state, ptls
uint8_t decoded[3];
size_t text_index = 0;
int c;
char vc;
signed char vc;

/* skip initial blanks */
while (text[text_index] != 0) {
@@ -155,13 +155,10 @@ int ptls_base64_decode(const char *text, ptls_base64_decode_state_t *state, ptls
state->v <<= 6;
} else {
/* Skip final blanks */
text_index--;
while (text[text_index] != 0) {
c = text[text_index++];

if (c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == 0x0B || c == 0x0C) {
continue;
}
for (--text_index; text[text_index] != 0; ++text_index) {
c = text[text_index];
if (!(c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == 0x0B || c == 0x0C))
break;
}

/* Should now be at end of buffer */
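Review bot: `c` is still loaded from plain `char` text (`c = text[text_index]`), so the signedness fix applied to `ptls_base64_values` and `vc` does not cover the index side: where char is signed, an input byte of 0x80 or above yields a negative `c`. The table lookup itself is outside these hunks; if it is not already range-checked, a guard such as `vc = ((size_t)c < sizeof(ptls_base64_values)) ? ptls_base64_values[c] : -1;` keeps malformed PEM input from reading outside the table. The table is also only read in the visible code and could be declared `static const signed char`.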